New Info-stealer Disguised as Crack Being Distributed Posted By jcleebobgatenet , June 28, 2022 The ASEC analysis team has previously uploaded posts about various malware types that are being distributed by disguising themselves as software cracks and installers. CryptBot, RedLine, and Vidar are major example cases. Recently, a single malware type of RedLine has disappeared (it is still being distributed as a dropper type) and a new infostealer malware is being actively distributed instead. Its distribution became in full swing starting from May 20th, globally categorized as “Recordbreaker Stealer.” Some analyses see it as…
Follina Vulnerability (CVE-2022-30190) Attack Using ‘Antimicrobial Film Request’ File Posted By jcleebobgatenet , June 15, 2022 On June 7th, the ASEC analysis team swiftly uploaded a brief introduction of a zero-day vulnerability for Microsoft Office files (Follina). As the patch for the vulnerability is not distributed yet, users are advised to take caution. Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190) AhnLab has distributed a detection rule for attack attempts exploiting the vulnerability from the perspectives of file and behavior detections. The vulnerability can be detected by various AhnLab products (V3, MDS, and EDR). While the team…
NSIS Installer Malware Included with Various Malicious Files Posted By jcleebobgatenet , June 2, 2022 The ASEC analysis team recently discovered attackers distributing multiple malicious files with NSIS installers. NSIS (Nullsoft Scriptable Install System) is normally used to create installers for certain programs. It can be also used for creating malware strains as it is script-based and thus makes nearly identical forms for NSIS installers. NSIS installer-type malware strains have been used a lot by attackers. The type introduced in this post includes multiple malicious files in a single installer: running one file will infect…
Method that Tricks Users to Perceive Attachment of PDF File as Safe File Posted By jcleebobgatenet , May 25, 2022 The ASEC analysis team has discovered the distribution of info-stealer malware using Attachment feature of PDF files. This attack method was discovered previously, but as the malware of this type has resurfaced and is being actively distributed, the team would like to share the information. Note that the attacker used a simple trick of using the attachment’s name to deceive users. Acrobat Reader has a feature of adding attachments to PDF files. Files with extensions such as .bin/.exe/.bat/.chm are blacklisted…
[Caution] Virus/XLS Xanpei Infecting Normal Excel Files Posted By Hansoyoung , April 13, 2022 The ASEC analysis team has recently discovered the constant distribution of malware strains that spread the infection when Excel file is opened. Besides infecting normal Excel files, they can also perform additional malicious behaviors such as acting as a downloader and performing DNS Spoofing, therefore, users need to take great caution. The common trait of the malware strains is to spread the virus through the VBA (Visual Basic for Applications) codes included in Excel files. Upon opening the infected Excel…
